<?php
	
	include('cms.php');
	
	$user = DataLatte::escape($_POST['user']);
	$pass = DataLatte::escape($_POST['pass']);
	$success = FALSE;
	
	
	
	if(empty($user)){
		//Check if user is empty
		Session::error($strings['invalidUser'] . " (1)");
	}elseif(empty($pass)){
		//Check if pas is empty
		Session::error($strings['invalidPass'] . " (2)");
	}else{
		
		//Check if user exists
		$count = DataLatte::getsingle("SELECT COUNT(*) FROM cmsUser WHERE mail = '$user'");
		
		if($count == 0){
			Session::error($strings['invalidUser'] . " (3)");
		}else{
			
			//Retrieve user by password checking
			$user = DataLatte::oneof('User', "SELECT * FROM cmsUser WHERE mail = '$user' AND pass = MD5('$pass')");
			
			if(!$user){
				
				Session::error($strings['invalidPass'] . " (4)");
				
			}else{
				$_SESSION['userid'] = $user->iduser;
				$_SESSION['usernick'] = $user->nick;
				$_SESSION['usermail'] = $user->mail;
				$_SESSION['userlevel'] = $user->level;
				$_SESSION['useradmin'] = $user->admin;
				$success = TRUE;
			}
			
		}
		
	}
	
	if($success){
		header('Location: editor.php');
	}else{
		header('Location: index.php');
	}
?>